[radvd/f15] fixes CVE-2011-3602

Jiri Skala jskala at fedoraproject.org
Mon Oct 10 13:01:21 UTC 2011 

commit 7c2fc00ca8b57faf71d61f4b67aea987f26b3ff6
Author: Jiri Skala <jskala at redhat.com>
Date:   Mon Oct 10 15:01:13 2011 +0200

    fixes CVE-2011-3602

 radvd-1.8.2-iface.patch |   12 ++++++++++++
 radvd.spec              |    9 ++++++++-
 2 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/radvd-1.8.2-iface.patch b/radvd-1.8.2-iface.patch
new file mode 100644
index 0000000..c1ed9d3
--- /dev/null
+++ b/radvd-1.8.2-iface.patch
@@ -0,0 +1,12 @@
+diff -up radvd-1.8.2/device-linux.c.iface radvd-1.8.2/device-linux.c
+--- radvd-1.8.2/device-linux.c.iface	2011-10-10 10:26:47.089760082 +0200
++++ radvd-1.8.2/device-linux.c	2011-10-10 10:27:12.149014098 +0200
+@@ -244,7 +244,7 @@ set_interface_var(const char *iface,
+ 		return -1;
+ 
+ 	/* No path traversal */
+-	if (strstr(name, "..") || strchr(name, '/'))
++	if (!iface[0] || !strcmp(iface, ".") || !strcmp(iface, "..") || strchr(iface, '/'))
+ 		return -1;
+ 
+ 	if (access(spath, F_OK) != 0)
diff --git a/radvd.spec b/radvd.spec
index de7be4a..f99d51c 100644
--- a/radvd.spec
+++ b/radvd.spec
@@ -4,7 +4,7 @@
 Summary:    A Router Advertisement daemon
 Name:       radvd
 Version:    1.8.2
-Release:    1%{?dist}
+Release:    2%{?dist}
 # The code includes the advertising clause, so it's GPL-incompatible
 License:    BSD with advertising
 Group:      System Environment/Daemons
@@ -20,6 +20,8 @@ Requires(pre):      /usr/sbin/useradd
 BuildRequires:      flex, flex-static, byacc
 BuildRoot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
+Patch1: radvd-1.8.2-iface.patch
+
 %description
 radvd is the router advertisement daemon for IPv6.  It listens to router
 solicitations and sends router advertisements as described in "Neighbor
@@ -34,6 +36,8 @@ services.
 %prep
 %setup -q
 
+%patch1 -b -p1 .iface
+
 %build
 export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -fPIE" 
 export LDFLAGS='-pie -Wl,-z,relro,-z,now,-z,noexecstack,-z,nodlopen'
@@ -109,6 +113,9 @@ exit 0
 %{_sbindir}/radvdump
 
 %changelog
+* Mon Oct 10 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-2
+- fixes CVE-2011-3602
+
 * Fri Oct 07 2011 Jiri Skala <jskala at redhat.com> - 1.8.2-1
 - update to latest upstream version 1.8.2
 - this update fixes CVE-2011-360{1..5}

More information about the scm-commits mailing list